Generating encrypted ID token

Overview


This article walks through an example of how to configure Authlete to generate encrypted ID tokens for a particular client.


Preparing JWK set



Prepare a JWK set document for the client. The JWK set is used for encrypting ID tokens. The following example illustrates using the mkjwk.org service to generate the set, with these parameters:

  • Key Type: Elliptic Curve
  • Curve: P-256
  • Key Use: Encryption
  • Algorithm: ES256
  • Key ID: 2
Generating the JWK keypair set


Remove the private key from the generated "Keypair set." For the keypair set in the example above, the result after deleting the row "d": "VYpT8aPtp3U1nyJ1-frMc8Pw01wZYN6v2D9e94JegF8", is as follows.

{
  "keys": [
    {
      "kty": "EC",
      "use": "enc",
      "crv": "P-256",
      "kid": "2",
      "x": "X4nQU-WdtrWgUa-YjYvlPuV1goj3NZoRz8O_6gTwi7Q",
      "y": "jnNV0ME2VVpxJfgqtOBY17pGpTkL4RZDmqMs87Fl4G4",
      "alg": "ES256"
    }
  ]
}

This JSON document is to be used as a JWK set of the client's public key.
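As an added example (not Authlete's or mkjwk.org's own code), the following Python performs the step above programmatically: it strips the private member from the generated keypair set and checks that what is left is a bare P-256 public encryption key before it is registered for the client. The key values are the ones shown above; the check's expectations (P-256, use "enc") are assumptions taken from this article's settings.

```python
import base64
import json

# Private members per JWK key type (RFC 7518, sections 6.2.2, 6.3.2 and 6.4).
PRIVATE_MEMBERS = {
    "EC": {"d"},
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "oct": {"k"},
}

# Keypair set from the article (mkjwk.org output, private member "d" still present).
KEYPAIR_SET = {"keys": [{
    "kty": "EC", "use": "enc", "crv": "P-256", "kid": "2",
    "d": "VYpT8aPtp3U1nyJ1-frMc8Pw01wZYN6v2D9e94JegF8",
    "x": "X4nQU-WdtrWgUa-YjYvlPuV1goj3NZoRz8O_6gTwi7Q",
    "y": "jnNV0ME2VVpxJfgqtOBY17pGpTkL4RZDmqMs87Fl4G4",
    "alg": "ES256",
}]}

def b64url_decode(s):
    """Decode unpadded base64url, the encoding JWK members use."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def to_public_jwk_set(jwk_set):
    """Return a copy of the set with every private member removed; input is untouched."""
    public_keys = []
    for key in jwk_set["keys"]:
        private = PRIVATE_MEMBERS.get(key.get("kty"), set())
        public_keys.append({k: v for k, v in key.items() if k not in private})
    return {"keys": public_keys}

def check_public_ec_key(key, crv="P-256", use="enc"):
    """Return a list of problems; an empty list means a bare public EC encryption key."""
    problems = []
    if key.get("kty") != "EC" or key.get("crv") != crv:
        problems.append("kty/crv is not EC/%s" % crv)
    if key.get("use") != use:
        problems.append("use is not %r" % use)
    leaked = PRIVATE_MEMBERS["EC"].intersection(key)
    if leaked:
        problems.append("private member(s) present: %s" % sorted(leaked))
    for coord in ("x", "y"):
        if len(b64url_decode(key.get(coord, ""))) != 32:
            problems.append("%s is not a 32-byte %s coordinate" % (coord, crv))
    return problems

if __name__ == "__main__":
    public_set = to_public_jwk_set(KEYPAIR_SET)
    print(json.dumps(public_set, indent=2))
    print("problems:", check_public_ec_key(public_set["keys"][0]))
```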
 

Client settings


Registering JWK set


Register the public key JWK set with the client, which is the recipient of the encrypted ID tokens. In Developer Console, add the JWK set to "JWK Set Content" under the "JWK Set" tab for the client. See Client Settings - JWK Set for details.

Registering the JWK set for the client


Configuring ID token


Choose the encryption algorithm for the client's ID tokens. See Client Settings - JWK Set for details.

In this example, the following settings, matching the registered public key, are specified:

  • ID Token Encryption Algorithm: ECDH_ES
  • ID Token Encryption Encoding Algorithm: A128CBC_HS256

With the settings above, Authlete will encrypt ID tokens issued to the client.